Next-generation communication networks are characterized by the coexistence of a variety of network architectures, owing to diverse requirements for data rate, radio coverage, deployment cost and multimedia services. The 3GPP (3rd Generation Partnership Project) is actively specifying the roaming mechanism in integrated Wireless LAN (Local Area Network)/UMTS (Universal Mobile Telecommunication System) networks. It should be noted that this scenario is only one specific heterogeneous network. The IEEE 802.16 standard (WiMAX) is an emerging broadband wireless access system specified for Wireless Metropolitan Area Networks (Wireless MAN), bridging the last mile, replacing costly wireline and also providing high-speed multimedia services. Multimedia service provisioning is one of the primary demands and motivations for next-generation networks. To achieve this goal, the IP Multimedia Subsystem (IMS) is added as the core network part providing multimedia services, e.g. voice telephony, video conferencing, real-time streaming media, interactive gaming, and instant messaging. Multimedia session management, initialization and termination are specified and implemented in the Session Initiation Protocol (SIP).
WiMAX and IMS are now used in the global market. WiMAX supports Internet Protocol (IP) multimedia services through IMS. Operators and vendors are all interested in how a WiMAX mobile station (MS) accesses IMS and how to improve the user experience. Since IMS information is delivered through the WiMAX transport network, a WiMAX MS must activate a WiMAX IP Connectivity Access Network (IP-CAN) session before it can register with the IMS network. The substantial technical challenge is to design and implement security architectures and protocols across such heterogeneous networks, taking into account the performance of the network and the experience of subscribers. For example, one of the most important features in the framework of network security management is a mutual authentication mechanism, in which a subscriber is able to authenticate a network and the network is also able to authenticate the subscriber.
In the related WiMAX Forum and 3GPP specifications, authentication is performed at both the WiMAX network level and the IMS network level before an MS can access IMS services. For example, Extensible Authentication Protocol-Authentication and Key Agreement (EAP-AKA) can be employed to authenticate a WiMAX MS at the WiMAX network level, while IMS-AKA is the authentication method at the IMS level, as illustrated in FIG. 1. This full authentication procedure clearly includes two independent sub-procedures, i.e. an authentication sub-procedure at the WiMAX IP-CAN level (see upper part of FIG. 1) and another authentication sub-procedure at the IMS level (see lower part of FIG. 1). For simplicity, we call this full authentication procedure a “two-pass” authentication procedure. The technical problem is how to design a one-pass WiMAX and IMS authentication mechanism that can be used when an MS accesses IMS via WiMAX.
There is currently no one-pass WiMAX and IMS authentication mechanism available. Yi-Bing Lin et al. propose a one-pass authentication procedure in “One-Pass GPRS and IMS Authentication Procedure for UMTS,” IEEE Journal on Selected Areas in Communications, vol. 23, no. 6, pp. 1233-1239, June 2005. However, this paper only covers a one-pass GPRS and IMS authentication procedure for UMTS and cannot work for WiMAX. In addition, the above proposal is limited because it does not describe how to set up security associations between the MS and the Proxy Call Session Control Function (P-CSCF), and it does not prove that a user correctly authenticates the IMS network.
On the other hand, the existing solution for WiMAX and IMS authentication is the normal “two-pass” authentication procedure, which generates more network traffic, such as registration/authentication traffic, than a “one-pass” authentication procedure.